#!/bin/bash
#
#********************************************************************
# Author:		zhangjunjie
# Date: 		2022-06-13
# FileName：	certificate_operations.sh
# Description：	自定义证书的操作方法合集
# -subj 参数说明
#   C  =  Country Name (2 letter code) [XX]:CN
#   ST =  State or Province Name (full name) []:BeiJing1
#   L  =  Locality Name (eg, city) [Default City]:Beijing2
#   O  =  Organization Name (eg, company) [Default Company Ltd]:magedu.Ltd
#   OU =  Organizational Unit Name (eg, section) []:magedu
#   CN =  Common Name (eg, your name or your server's hostname) []:ca.magedu.org
#********************************************************************

## 先判断是否存在自定义的方法文件, 如果不存在, 则进行下载操作
if [ ! -e self_function.sh ]; then
	rpm -q wget || (yum install wget -y || { echo -e "\E[31;1m 安装 wget 软件包失败 \E[0m" ; exit; })

	echo -e "\E[33;1m 下载自定义方法中 \E[0m"
	wget https://gitee.com/gkdaxue/shell_script/raw/master/self_function.sh
	if [ ! -e self_function.sh ]; then 
		echo -e "\E[31;1m 下载自定义方法失败 \E[0m"
		exit;
	fi
fi

## 加载自定义方法
. ./self_function.sh
actions 'echo_tips' "加载自定义方法";


#证书存放目录
DIR=/apps/nginx/cert/
mkdir -p $DIR
cd $DIR

#证书编号最大值
N=2

#每个证书信息
declare -A CERT_INFO
CERT_INFO=([subject0]="/O=sre/CN=ca.sre.com" \
           [keyfile0]="ca.key" \
           [crtfile0]="ca.cert" \
           [rsa_bits0]=4096 \
           [expire0]=3650 \
           [serial0]=0    \
           [subject1]="/C=CN/ST=jiangsu/L=nanjing/O=sre/CN=www.sre.com" \
           [keyfile1]="www_sre_com.key" \
           [crtfile1]="www_sre_com.crt" \
           [pemfile1]="www_sre_com.pem" \
           [csrfile1]="www_sre_com.csr" \
           [rsa_bits1]=4096 \
           [expire1]=365
           [serial1]=1 \
           [subject2]="/C=CN/ST=jiangsu/L=nanjing/O=sre/CN=m.sre.com" \
           [keyfile2]="m_sre_com.key" \
           [crtfile2]="m_sre_com.crt" \
           [pemfile2]="m_sre_com.pem" \
           [csrfile2]="m_sre_com.csr" \
           [rsa_bits2]=4096 \
           [expire2]=365 \
           [serial2]=2  )

## 生成和签发证书操作
create_certificate (){
	## 开始生成 csr 文件并签发
	for((i=1;i<=N;i++));do
		openssl req -sha256 -newkey rsa:${CERT_INFO[rsa_bits${i}]} -nodes -subj ${CERT_INFO[subject${i}]} \
			-keyout ${CERT_INFO[keyfile${i}]}   -out ${CERT_INFO[csrfile${i}]}

		openssl x509 -req -in ${CERT_INFO[csrfile${i}]}  -CA ${CERT_INFO[crtfile0]} \
			-CAkey ${CERT_INFO[keyfile0]}  -set_serial ${CERT_INFO[serial${i}]}  \
			-days ${CERT_INFO[expire${i}]} -out ${CERT_INFO[crtfile${i}]}
			   
		actions 'echo_tips' "生成证书信息如下"
		openssl x509 -in ${CERT_INFO[crtfile${i}]} -noout -subject -dates -serial
		echo
		cat ${CERT_INFO[crtfile${i}]}  ${CERT_INFO[crtfile0]} > ${CERT_INFO[pemfile${i}]}
		
	done
	chmod 600 *.key
}

## 开始定义生成证书的操作
menus=(
"CA自签证书&申请证书并颁发"
"申请证书并颁发"
)
PS3="请选择你要进行的操作 : "
select menu in ${menus[@]} ; do
	case $REPLY in
		## CA自签证书&申请证书并颁发
	    1)
			## 生成 CA 的自签名证书
			actions 'echo_tips' "开始生成 CA 文件"
			openssl req  -x509 -sha256 -newkey rsa:${CERT_INFO[rsa_bits0]} -subj ${CERT_INFO[subject0]} \
				-set_serial ${CERT_INFO[serial0]} -keyout ${CERT_INFO[keyfile0]} -nodes \
				-days ${CERT_INFO[expire0]}  -out ${CERT_INFO[crtfile0]}
			
			create_certificate
			exit;
			;;
		## 生成 csr 文件并签发	
		2)
			create_certificate
			exit;
	    	;;
 		*)
			echo "Selected number: $REPLY"
			echo "Selected number: $menu"
			exit;
			;;
    esac
done